CVE-2025-23007

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions SonicWall NetExtender versions up to 10.3.0

Description A vulnerability in the NetExtender Windows client log export function allows unauthorized access to sensitive Windows system files, potentially leading to privilege escalation.

Recommendations For SonicWall NetExtender versions up to 10.3.0, update to a version later than 10.3.0 to resolve the issue. As a temporary workaround, consider restricting access to the log export function to minimize the risk of exploitation.

Fix

LPE

Improper Privilege Management

Incorrect Default Permissions

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-269CWE-276

Related Identifiers

CVE-2025-23007

Affected Products

Sonicwall Netextender

CVE-2025-23007

Weakness Enumeration

Related Identifiers

Affected Products

References · 9